Computer manufacturer Dell faced a major security challenge after a cyberattack stole the information of approximately 49 million customers.
Dell confirms that the types of information stolen include a person’s name, address, Dell hardware and order information, including service tag, product description, order date, and various warranty information. Did.
What happened: A breakdown of the incident
Menelik, the threat actor behind the attack, has spoken publicly told TechCrunch How did he extract vast amounts of data from Dell without being detected?
Click here to get your cart’s free newsletter, Cyber Guy Report
Menelik set up multiple partner accounts within Dell’s internal portal and, once approved, allowed hackers to access customer data using brute force attacks. In a brute force attack, an attacker submits a large number of passwords or passphrases in the hope that they will eventually guess correctly.
The hacker sent more than 5,000 requests per minute to the page for nearly three weeks, and Dell noticed nothing. After sending nearly 50 million requests and collecting enough data, Menelik sent multiple emails to Dell informing them of the vulnerability. The hacker said it took him nearly a week for Dell to apply all the patches. Dell confirmed to TechCrunch that it received an email notification from the hackers about the vulnerability.
Massive free VPN data breach exposes 360 million records
How Dell responded to the data breach
Dell is the world’s third-largest PC vendor after Lenovo and HP, and the affected accounts represent only a small portion of its user base.I have been contacted by the company this sentence To affected users:
“We are currently investigating an incident related to Dell’s portal, which contains a database containing limited types of customer information related to purchases from Dell. Given the type of information involved, there is a significant risk to customers. I don’t think so.”
We reached out to Dell and received the following statement from a company representative:
“Dell Technologies has a cybersecurity program designed to limit risks to our environments, including those used by our customers and partners. Our program includes rapid assessment of identified threats and risks. We recently identified an incident where the Dell Portal was accessible. This database contained limited types of customer information, including name, address, and specific Dell hardware and ordering information. and did not contain financial or payment information, email addresses, phone numbers, or sensitive customer data.
“After discovering this incident, we immediately implemented incident response procedures, applied containment measures, initiated an investigation, and notified law enforcement. Our investigation was assisted by external forensic experts. We continue to monitor the situation and take steps to protect our customers’ information.”Given the type of information involved, we do not believe there is a material risk to our customers, but it is necessary. We take proactive steps to notify our customers accordingly. ”
How a cyberattack on a large healthcare organization in Ascension impacts your privacy and security
What this means for privacy and security
There is no immediate impact from this data breach. Dell believes the risk to customers is not significant because no financial information, payment information, email addresses, or phone numbers were stolen in this attack.However, the following risks Phishing or even major malware and ransomware Attacks still exist. Attackers may attempt to use infected drives to send personalized letters. This is a tactic we’ve seen before.
Ask our technical experts.Get your free Cyber Guy Report Newsletter in your cart here
There’s a good chance this data breach is already for sale on the dark web. The hacker posted the information for sale on the dark web and quickly deleted it. This often happens when someone purchases an entire database. Dell customers who purchased hardware between 2017 and 2024 should be very wary of messages they receive via email claiming to be from Dell, especially messages requesting personal information.
More than 500,000 Roku accounts compromised in second cybersecurity breach
CLICK HERE TO GET FOX BUSINESS ON THE GO
7 proactive steps you can take to protect your data
In the wake of the cyber attack against Dell, consider taking the following proactive steps to protect your personal information.
1. Change your password. Dell says that no personal information, such as phone numbers or email addresses, was compromised, but if you have a Dell account, you may want to change your password. Please consider using . password manager Generate and save complex passwords.
2.Avoid Tech support phone scam: Since hackers have your data, they may try to contact you by posing as a Dell employee. Be sure to check if the technical support person you’re talking to actually works for Dell. Be skeptical of all unsolicited calls and do not provide personal information.
3. Be careful with mailbox communications. Malicious actors may also try to trick you through the mail. A data breach gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions, or security alerts.
4. Report suspicious activity. If you notice any suspicious activity related to your Dell account or purchases, please report it to security@dell.com. This may include unauthorized purchases, unusual login attempts, or changes to your account information.
Quick tip. Expert insights.Click to get your free Cyberguy Report Newsletter
5. Monitor your account and transactions
You should regularly check your online accounts and transactions for suspicious or fraudulent activity. If you notice anything unusual, please report it to your service provider or authorities as soon as possible. You should also check your credit report and score to see if there are any signs. identity theft Or fraud.
6. Use identity theft protection
Identity theft protection companies monitor your personal information, such as your household title, social security number (SSN), phone number, and email address, and alert you if it’s being used to open an account. It can also help freeze bank and credit card accounts to prevent further misuse by criminals. Check out our tips and recommendations on how to protect yourself from identity theft.
7. Invest in a personal data deletion service. While no service can guarantee the complete removal of data from the Internet, using a deletion service can be beneficial for those who want to monitor and automate the deletion of personal information from a large number of sites over time.Check out my recommended removal services here.
Cart important points
Dell’s recent data breach highlighted flaws in the computer manufacturer’s security infrastructure. This is especially problematic if the attacker is present in the network for an extended period of time. Given Dell’s role in providing hardware and software solutions, including backup and recovery tools, for critical infrastructure, it is important to thoroughly examine code and supply chains for signs of tampering. This is a step in the right direction as Dell is working with law enforcement and third-party security experts to investigate this incident.
CLICK HERE TO GET THE FOX NEWS APP
Have you adjusted your online behavior or settings because of concerns about data privacy or security breaches? Please let us know by emailing us. Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter
Ask your cart a question or let us know your story you’d like us to feature.
follow cart Facebook, YouTube and Instagram
Answers to CyberGuy frequently asked questions:
Copyright 2024 CyberGuy.com. All rights reserved.
